forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: mahdi1234 on January 29, 2009, 08:13:34 pm

Title: Exploit 1.4.19?
Post by: mahdi1234 on January 29, 2009, 08:13:34 pm

How about this one, do dev know it?

http://www.milw0rm.com/exploits/7909

Title: Re: Exploit 1.4.19?
Post by: Joachim Müller on January 29, 2009, 08:50:56 pm

Thanks for letting us know - that's a brand-new one. We'll look into this and come up with a resolution as soon as possible.

Title: Re: Exploit 1.4.19?
Post by: Abbas Ali on January 30, 2009, 06:38:37 am

I can confirm this exploit. Working for a fix.

The patch given by the reporter unsets all variables which were registered because of register_globals on. I think this is the correct way.

Title: Re: Exploit 1.4.19?
Post by: Joachim Müller on February 04, 2009, 11:33:52 am

cpg1.4.20 has just been released, which takes care of the exploit. See corresponding announcement thread cpg1.4.20 Security release - upgrade mandatory! (http://forum.coppermine-gallery.net/index.php/topic,57882.0.html)